|
|
|
|
|
|
by crotchfire
830 days ago
|
|
|
I love this software. It keeps Mullvad from intercepting DNS traffic: if you send cleartext DNS requests on UDP/53 through their network, they intercept it. But DNSCrypt packets are encrypted and authenticated, so they can't. Bonus: DNSCrypt is still packet-based like UDP, so none of the downsides of DoH: no 3-way handshake, no connection pooling, no stream correlation attacks. > It's worth noting that all our VPN servers hijack calls to our public DNS server and that the DNS requests are processed on a local non-logging DNS server installed on that VPN server. https://mullvad.net/en/help/all-about-dns-servers-and-privac... https://old.reddit.com/r/mullvadvpn/comments/invjgp/how_and_... |
|
|